The present invention relates to computing environments, and deals more particularly with techniques for obscuring information in messages to be exchanged over a communications network. In one aspect, the information comprises path name information and parameters for use in a Uniform Resource Locator (“URL”). In another aspect, the information comprises parameters used in forms.
Messages exchanged over a communications network such as the Internet commonly contain a URL. As is well known, a URL is a subset of a Uniform Resource Identifier (“URI”) that specifies where a particular resource is located and a mechanism for retrieving it. The format of a URL is well known, and typically includes a host name and domain portion followed by a path name portion. A so-called “dynamic” form of URL is known, where the URL format provides for passing a string of one or more parameters, where each parameter comprises a name/value pair. The presence of the parameter string is denoted in the URL by specifying a question mark character, and the parameter string then follows this character. Within the parameter string, the name/value pairs are separated from one another by an ampersand character and an equal sign is used to separate the parameter name from the parameter value in each name/value pair.
There have been multiple cases of hacking web sites by modifying dynamic URL parameters, allowing the hackers to discover private data, corrupt the back-end application, and/or corrupt the data used by the back-end application. In one known security breach, for example, a URL included a parameter name/value pair for specifying a user's key for registered users of a web site to thereby pass this key value to the back-end application. Hackers discovered that by modifying the user key value, they were able to view name and address information of the user associated with the altered key value.